kat/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity
689 Commits 2 Branches 14 Tags
5c82f1ed3eb21d6a6999748ca19d26cefaf7598c
Commit Graph

91 Commits

Author SHA1 Message Date
cat 5c82f1ed3e helper/stub: output to stdout 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-27 17:25:10 +09:00
cat b39f3aeb59 helper: remove bubblewrap wrapper 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-25 05:35:02 +09:00
cat 1b9408864f sandbox: pass cmd to cancel function 
This is not usually in scope otherwise.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 22:36:39 +09:00
cat 24618ab9a1 sandbox: move out of internal 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 02:55:36 +09:00
cat 9ce4706a07 sandbox: move params setup functions 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 02:48:32 +09:00
cat 9a1f8e129f sandbox: wrap fmsg interface 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 02:44:07 +09:00
cat ee10860357 seccomp: install output atomically 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 01:10:27 +09:00
cat 44277dc0f1 dbus: run in native sandbox 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 00:13:14 +09:00
cat 42de09e896 helper: implement native container backend 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-16 02:57:46 +09:00
cat 1576fea8a3 helper: raise WaitDelay during tests 
Helper runs very slowly with race detector. This prevents it from timing out.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-16 02:49:41 +09:00
cat 273d97af85 ldd: lib paths resolve function 
This is what always happens right after a ldd call, so implement it here.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-16 01:20:09 +09:00
cat 891316d924 helper/stub: copy args to stderr 
Some helpers are implemented via go test itself in tests, and as a result stdout gets clobbered.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-16 00:39:42 +09:00
cat 6e7ddb2d2e helper: eliminate commandContext replacement 
This is done more cleanly by modifying Args in cmdF.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-16 00:01:25 +09:00
cat 10a21ce3ef helper: expose extra files to direct 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 02:27:40 +09:00
cat 0f1f0e4364 helper: combine helper ipc setup 
The two-step args call is no longer necessary since stat is passed on initialisation.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 02:10:22 +09:00
cat f9bf20a3c7 helper: rearrange initialisation args 
This improves consistency across two different helper implementations.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 01:06:31 +09:00
cat 73c1a83032 helper: move process wrapper to direct 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 00:33:25 +09:00
cat f443d315ad helper: clean up interface 
The helper interface was messy due to odd context acquisition order. That has changed, so this cleans it up.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 00:27:44 +09:00
cat 9e18d1de77 helper/proc: pass extra files and start 
For integration with native container tooling.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 23:23:57 +09:00
cat 2647a71be1 seccomp: move out of helper 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 22:42:40 +09:00
cat 7c60a4d8e8 helper: embed context on creation 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 18:30:22 +09:00
cat 29c3f8becb helper/seccomp: improve error handling 
This passes both errno and libseccomp return value.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-12 15:52:48 +09:00
cat be16970e77 helper/seccomp: seccomp_load on negative fd 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-12 15:18:52 +09:00
cat 61e58aa14d helper/proc: expose setup file 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-09 17:22:31 +09:00
cat 39dc8e7bd8 dbus: set process group id 
This stops signals sent by the TTY driver from propagating to the xdg-dbus-proxy process.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-25 18:12:41 +09:00
cat eda4d612c2 fortify: keep external files alive 
This should eliminate sporadic failures, like the known double close in "seccomp".

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 03:24:37 +09:00
cat d1f83f40d6 helper/bwrap: rename Write to WriteFile 
In case this might want to be an io.Writer.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-19 00:34:19 +09:00
cat e599b5583d fmsg: implement suspend in writer 
This removes the requirement to call fmsg.Exit on every exit path, and enables direct use of the "log" package. However, fmsg.BeforeExit is still encouraged when possible to catch exit on suspended output.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-16 18:51:53 +09:00
cat 1fa5e992e4 helper/bwrap: expose address of DataConfig 
This allows the caller to defer fulfilling its payload.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-16 12:33:59 +09:00
cat 72b0160aad helper/bwrap: implement file copy flags 
These are significantly more efficient and less error-prone than mounting an external tmpfile. This should also reduce attack surface as the resulting files are private to its specific sandbox.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 03:13:15 +09:00
cat be7d944b39 helper/bwrap: PositionalArg implement fmt.Stringer 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 00:11:48 +09:00
cat ace97952cc helper/bwrap: merge Args and FDArgs 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 18:13:06 +09:00
cat 88040504b2 helper/bwrap: remove fmsg import 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 18:05:00 +09:00
cat fe7d208cf7 helper: use generic extra files interface 
This replaces the pipes object and integrates context into helper process lifecycle.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 23:34:15 +09:00
cat 60c2873750 helper/proc: cancel ec on parent ctx 
This allows errors written during a timeout to be received and handled.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 23:08:28 +09:00
cat d1d20c06fb helper/seccomp: use sync.Once for closeWrite 
This makes the code much cleaner, and eliminates the intermittent ErrInvalid errors.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 22:49:16 +09:00
cat 1e6a059668 helper/seccomp: benchmark exporter 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 22:37:51 +09:00
cat 58eb8f971d proc/pipe: implement args and stat file 
This is a generic implementation of helper/pipe.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 19:57:24 +09:00
cat 0a1d7c01cd helper/proc: count dispatched errs 
This helps debug implementation errors of [proc.File].

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 19:55:37 +09:00
cat 60ca1c6c55 helper/proc: store file addresses in linked list 
Storing extra files as a slice requires the caller to allocate a large enough slice before initialising any file and never grow the slice.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 17:42:12 +09:00
cat 099da78af5 helper/seccomp: eliminate data race on pfd 
Turns out the doc comment on os.File was lying about its methods being safe for concurrent use. The race detector picked up a data race from concurrent use of Fd and Close.

This change eliminates that by calling Fd in the prepare routine.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 10:40:51 +09:00
cat 18466cfd02 helper/proc: declare generic extra files interface 
Helpers use extra files for various purposes. This provides a generic interface for implementing the fulfillment of these extra files without having to specifically handle them in the process creation code.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-11 16:34:47 +09:00
cat e14923ae53 helper/proc: move package out of internal 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-08 13:03:45 +09:00
cat 568d7758d5 helper/seccomp: panic on invalid closeWrite use 
Returning an error here puts exporter in an invalid state. The caller should guard against this condition instead.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-07 12:58:20 +09:00
cat 5b7b3fa9a4 helper/seccomp: implement reader interface via pipe 
This also does not require the libc tmpfile call.

BPF programs emitted by libseccomp seems to be deterministic. The tests would catch regressions as it verifies the program against known good output backed by manual testing.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-03 19:43:03 +09:00
cat 7b96cd6ded helper/seccomp: do not call F_println if not verbose 
This (slightly) improves performance.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 13:19:38 +09:00
cat 163f15e93f helper/seccomp: separate seccomp package 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 12:59:11 +09:00
cat 37780456a7 helper: block more unusual/privileged syscalls 
These are toggled by F_EXT and exposed as SyscallPolicy.Compat in the Go interface.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 12:35:47 +09:00
cat 9a239fa1a5 helper/bwrap: integrate seccomp into helper interface 
This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-22 01:52:57 +09:00
cat eb0ef2d115 helper/bwrap: generic extra file interface 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-20 00:20:04 +09:00